Financial Watchdog Fines Equifax Ltd £11 Million
What has happened?
In October 2023, the FCA announced that it had fined Equifax Ltd £11,164,400 for failing to manage and monitor the security of UK consumer data that it had outsourced to its parent company based in the US. The breach allowed hackers to access the personal data of millions of people and exposed UK consumers to the risk of financial crime.
What are the key points of the announcement?
In 2017, Equifax’s US parent company, Equifax Inc, was subject to one of the largest cybersecurity breaches in history. Cyber-hackers were able to access the personal data of approximately 13.8 million UK consumers because Equifax had outsourced data to Equifax Inc’s servers in the US for processing. The UK consumer data accessed by the hackers included names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card details, and residential addresses.
Equifax did not treat its relationship with its parent company as outsourcing. As a result, it failed to provide sufficient oversight of how data it was sending was properly managed and protected. There were known weaknesses in Equifax Inc’s data security systems and Equifax failed to take appropriate action in response to protect UK customer data.
Following the cybersecurity breach, Equifax made several public statements on the impact of the incident on UK consumers which gave an inaccurate impression of the number of consumers affected. The firm also treated consumers unfairly by failing to maintain quality assurance checks for complaints following the incident, meaning that complaints were mishandled. This would have been a potential breach of the Consumer Duty had it occurred after the Duty had been implemented.
How can Thistle Initiatives help?
Thistle Initiatives has supported firms for over 10 years as a trusted compliance and regulatory advisor. In addition to assisting you as-and-when, our team of specialists can serve as your right hand in meeting and complying with FCA regulations. We understand the importance of staying up-to-date and compliant and are dedicated to providing the guidance and support needed to do so.
Are you looking for help with your data breach governance, outsourcing, complaints handling or Consumer Duty arrangements, or more general regulatory questions? Contact our specialist team now to schedule a free consultation. Get in touch with us by calling 020 7436 0630 or sending an email to info@thistleinitiatives.co.uk.